Security Gateways

WHY Use a Security Gateway to Protect your Network Perimeter?

Many organisations connect to the internet using a basic router which usually provides minimal or no control over who or what is using your internet connection.

They also can allow traffic from the Internet through to your internal systems, often with only rudimentary control that provides little or no protection for your internal systems, and with little or no sensible method of monitoring what is happening at your network perimeter.

At ethernal we particularly recommend the range of security gateways from Sophos and as a Sophos Cerified partner can supply the full range of SOPHOS security gateways.

Although we can install, configure and integrate with many different firewalls and gateways, for most businesses, the Sophos range of security gateways provides an ideal solution to protect your network perimeter.

Sophos Unified Threat Management (UTM) security gateways are available in a variety of forms to suit a range of budgets from one man businesses to large corporations.

As a stand alone appliance
As a virtual machine in your VMware, Hyper-V or other virtualisation platform
As software to be installed on your own computer hardware
As a cloud service.

Sophos UTM devices contain a huge amount of functionality within a compact easy to manage device.

Network Protection

Stateful deep packet inspection firewall
Intrusion protection (IPS): Deep packet inspection engine, 18,000+ patterns
Selective IPS patterns for maximum performance and protection
IPS pattern aging algorithm for optimal performance
Flood protection: DoS, DDoS and portscan blocking
Country blocking by region or individual country (over 360 countries) with separate inbound/ outbound settings and exceptions
Site-to-site VPN: SSL, IPSec, 256- bit AES/3DES, PFS, RSA, X.509 certificates, pre-shared key
Remote access: SSL, IPsec, iPhone/ iPad/Cisco VPN client support
VoIP handling for SIP and H.323 connections
Connection tracking helpers: FTP, IRC, PPTP, TFTP
Identity-based rules and configuration with Authentication Agent for users

Web Protection

URL Filter database with 35 million+ sites in 96 categories and 65+ languages
Application Control: Accurate signatures and Layer 7 patterns for thousands of applications
Dynamic application control based on productivity or risk threshold
View traffic in real-time, choose to block or shape
Malware scanning: HTTP/S, FTP and web-based email via dual independent antivirus engines (Sophos & Avira) block all forms of viruses, web malware, trojans and spyware
Fully transparent HTTPS filtering of URLs
Option for selective HTTPS Scanning of untrusted sites
Advanced web malware protection with JavaScript emulation
Live Protection real-time in-the-cloud lookups for the latest threat intelligence
Potentially unwanted application (PUA) download blocking
Malicious URL reputation filtering backed by SophosLabs
Reputation threshold: set the reputation threshold a website requires to be accessible from internal network
Active content filter: File extension, MIME type, JavaScript, ActiveX, Java and Flash
True-File-Type detection/scan within archive files
YouTube for Schools enforcement
SafeSearch enforcement
Google Apps enforcement

Email Protection

Reputation service with spam outbreak monitoring based on patented Recurrent-Pattern-Detection technology
Advanced spam detection techniques: RBL, heuristics, SPF checking, BATV, URL scanning, grey listing, RDNS/ HELO checks, expression filter and recipient verification
Block spam and malware during the SMTP transaction
Detects phishing URLs within e-mails
Global & per-user domain and address black/white lists
Recipient Verification against Active Directory account
E-mail scanning with SMTP and POP3 support
Dual antivirus engines (Sophos & Avira)
True-File-Type detection/scan within archive files
Scan embedded mail formats: Block malicious and unwanted files with MIME type checking
Quarantine unscannable or over-sized messages
Filter mail for unlimited domains and mailboxes
Automatic signature and pattern updates
Sophos Live Anti-Virus real-time cloud lookups

Webserver Protection

Reverse proxy
URL hardening engine
Form hardening engine
Deep-linking control
Directory traversal prevention
SQL injection protection
Cross-site scripting protection
Dual-antivirus engines (Sophos & Avira)
HTTPS (SSL) encryption offloading
Cookie signing with digital signatures
Path-based routing
Outlook Anywhere protocol support
Reverse authentication (offloading) for form-based and basic authentication for server access
Auto server discovery scans attached networks and identifies web servers
Integrated load balancer spreads visitors across multiple servers
Predefined firewall profiles for Microsoft Outlook Web Access (OWA)
Quick server switch allows easy maintenance
Skip individual checks in a granular fashion as required
Match requests from source networks or specified target URLs
Support for logical and/or operators
Assists compatibility with various configurations and non-standard deployments
Options to change WAF performance parameters
Upload custom WAF rules
Scan size limit option
Allow/Block IP ranges
Wildcard support for server paths
Automatically append a prefix/suffix for authentication

UTM Endpoint Protection and Management

Windows endpoint protection with Sophos Antivirus and device control
On-access, on-demand or scheduled scanning for malware, viruses, spyware and Trojans
PUA scanning
Live Protection Antivirus provides real-time, in-thecloud lookups for the latest threat intelligence
HIPS with suspicious behavior detection
Web protection with malicious site protection
Download scanning
Device control including removable storage, optical media, modems, Bluetooth, wireless, infrared and more
Web in Endpoint enforcement of web policy and web malware scanning on the endpoint with full policy and reporting synchronization with the UTM
Fully managed within the UTM
Easy deployment from the UTM using using our installer
Monitor connected endpoints, threat status and device utilization with full log access
Alerts for infected endpoints

Remote Offices

Sophos UTM devices support remote offices that allow all or selected traffic to/from remotes site to pass through the UTM thus enhancing security. These devices are called RED (Remote Ethernet Devices) for short.

Central Management of all RED appliances from Sophos UTM
No configuration: Automatically connects through a cloud-based provisioning service
Secure encrypted tunnel using digital X.509 certificates and AES256- encryption
RED sites are fully protected by the Network, Web and Mail security subscriptions of the Central UTM.
Virtual Ethernet for reliable transfer of all traffic between locations
IP address management with centrally defined DHCP and DNS Server configuration
Remotely de-authorize RED devices after a select period of inactivity
Compression of tunnel traffic* (RED 50, RED 10 revision 2, 3)
VLAN port configuration options* (RED 50)

Logging and Reporting

Logging: Remote syslog, nightly rotation, email/ftp/ SMB/SSH archiving and log management service
On-box reporting: Packet filter, intrusion protection, bandwidth and day/week/month/year scales
Identity-based reporting
PDF or CSV report exporting
Executive report scheduling and archiving
Reactive reporting engine crafts reports as you click on data
Save, instantly email or subscribe recipients to any reports Ì PDF and CSV exporting of reports
Nightly compression and rotation of logs
Log file archiving: On-box, FTP, SMB, SSH, Email and Syslog
Hundreds of on-box reports
Daily activity reporting
URL filter override report
Per-user tracking and auditing
Anonymization of reporting data to enforce privacy policy
Full transaction log of all activity in human-readable format
Web log searching parameters per user, URL or action
Sophos iView dedicated reporting appliance

For a more comprehensive look at the features of Sophos UTM security gateways please refer to complete feature list.